Explore Bumblebee, Perplexity's new open-source tool for scanning developer machines for supply chain compromises. Learn how it detects vulnerable packages across npm, PyPI, Go, and more—without executing package managers or compromising credentials.
On May 22, 2026, Perplexity AI released Bumblebee, an open-source supply chain security scanner designed to answer a deceptively simple question: when a security advisory names a vulnerable package, which developer machines in your organization have it installed right now?
Unlike SBOMs (Software Bill of Materials) that document production artifacts, or EDR tools that monitor what's running, Bumblebee focuses on the messy local development state scattered across lockfiles, package manager caches, IDE extensions, browser add-ons, and Model Context Protocol (MCP) server configs.
In a landscape where supply chain attacks like the 2024 XZ Utils backdoor, 2025 PyTorch supply chain compromise, and ongoing npm malware campaigns dominate headlines, Bumblebee offers security teams a fast, read-only, zero-dependency tool to assess exposure across their entire developer fleet.
The Supply Chain Visibility Gap
Modern software development involves dozens of package ecosystems, multiple language toolchains, and an ever-growing surface area of extensions and developer tools. When a critical advisory drops, security teams face a race against time:
Which developers have the vulnerable package installed?
Which projects are affected?
What versions are in use?
Traditional tools fall short:
SBOMs document production builds, not local dev environments
EDR monitors running processes, not dormant dependencies
Package manager queries (npm ls, pip show) are slow, resource-intensive, and require execution
Vulnerability scanners focus on project-level analysis, not fleet-wide inventory
Bumblebee fills this gap with a single-purpose, surgical scanner that collects package metadata without execution overhead.
What Makes Bumblebee Different?
1. Read-Only by Design
Bumblebee never executes package managers or build tools. It only reads:
Bumblebee is a single Go binary built with only the Go standard library. No vendored dependencies, no third-party packages, no supply chain risk in the tool itself.
bash
go install github.com/perplexityai/bumblebee/cmd/bumblebee@latest
# ~10MB binary, zero dependencies
This makes it trivial to:
Deploy across heterogeneous fleets (macOS, Linux, ARM, x86)
Audit the source (minimal codebase, no transitive dependencies)
Build reproducibly (no dependency resolution surprises)
3. Multi-Ecosystem Coverage
Bumblebee scans 10 package ecosystems plus editor/browser extensions:
Bumblebee offers three scan profiles for different use cases:
Baseline (Recurring Lightweight Inventory)
Scans common global/user package roots, language toolchains, editor extensions, browser extensions, and MCP configs. Designed for daily/weekly recurring scans via cron, launchd, or MDM.
Typical scan time: 30-60 seconds (depends on project count)
Use case: Daily/weekly project-level visibility
Deep (Incident Response)
Scans explicit --root paths, including broad roots like $HOME. Refuses to run without explicit root specification. Designed for on-demand incident response when an advisory drops.
These catalogs are assembled using Perplexity Computer and validated by security researchers, providing a continuously updated knowledge base for incident response.
Receivers use scan_summary to decide whether to promote a scan to "current state" (e.g., only accept scans that completed successfully and covered expected ecosystems).
Real-World Use Case: The Laravel Lang Typosquatting Campaign (May 2026)
In May 2026, threat actors compromised several typosquatted packages mimicking Laravel's popular laravel-lang localization library. Packages like larave1-lang, laravel-1ang, and laravel-lang-dev were published with identical descriptions but included credential-stealing backdoors.
How Bumblebee Helped
1. Perplexity's security team used Perplexity Computer to build an exposure catalog:
Companies using Bumblebee detected exposed machines within minutes, while organizations relying on manual code reviews or weekly vulnerability scans took days to assess impact.
MCP (Model Context Protocol) Support
One of Bumblebee's most forward-looking features is Model Context Protocol (MCP) server inventory.
What is MCP?
MCP is Anthropic's protocol for connecting AI assistants (Claude Desktop, Cline, Cursor, etc.) to external tools and data sources via "MCP servers"—small programs that expose tools, resources, and prompts to LLMs.
Common MCP servers:
File system access: @modelcontextprotocol/server-filesystem
Bumblebee uses goroutines for concurrent directory traversal and parsing, automatically scaling to available CPU cores. On a 16-core machine, deep scans typically achieve 90%+ CPU utilization.
Comparison to Alternative Tools
Tool
Purpose
Execution Model
Speed
Ecosystems
Bumblebee
Endpoint inventory
Read-only metadata
Fast (seconds)
10+ ecosystems + MCP
Syft
SBOM generation
Read + heuristics
Medium (30s-2m)
20+ ecosystems
Trivy
Vulnerability scanning
Read + CVE DB
Medium (1-3m)
10+ ecosystems
npm audit
Project vulnerability scan
Executes npm
Slow (project-level)
npm only
pip-audit
Python vulnerability scan
Executes pip
Slow (project-level)
PyPI only
osquery
Endpoint visibility
Read + system queries
Fast (queries)
General OS, limited package support
Grype
Vulnerability scanning
Read + CVE DB
Medium (1-2m)
10+ ecosystems
Bumblebee's niche: Fast, read-only, fleet-wide exposure checking when you already know what you're looking for (exposure catalogs).
When to use Bumblebee vs. alternatives:
Use Bumblebee for recurring inventory and incident response ("does anyone have package X@Y?")
Use Syft/Trivy for SBOM generation and comprehensive vulnerability scanning
Use package-specific audits (npm audit, pip-audit) for deep project-level analysis
Use osquery for general OS/endpoint visibility beyond package inventory
Run embedded fixtures to verify Bumblebee's detection capabilities:
bash
bumblebee selftest
# selftest OK (2 findings in 1ms)
Uses deliberately fake package names ([email protected]) and makes no network calls. Non-zero exit means detection is broken—useful for pre-deployment smoke tests.
Contributing and Community
Bumblebee is Apache 2.0 licensed and welcoming contributions:
✅ Install Bumblebee on a test machine (go install ...)
✅ Run bumblebee selftest to verify installation
✅ Perform baseline scan on test machine, review output
✅ Download exposure catalogs from threat_intel/ directory
✅ Test incident response workflow with sample catalog
✅ Deploy to fleet via MDM/configuration management
✅ Set up recurring baseline scans (cron/launchd)
✅ Integrate findings with SIEM/ticketing system
For Developers:
✅ Install Bumblebee locally
✅ Run bumblebee scan --profile project --root ~/code
✅ Review which packages are visible in your workspace
✅ Add to CI/CD pipeline for automated project inventory
✅ Subscribe to Bumblebee releases for catalog updates
Conclusion
Bumblebee addresses a critical gap in modern software supply chain security: fast, accurate, fleet-wide visibility into developer endpoint package inventory.
In a world where supply chain compromises increasingly target developer tooling (XZ Utils, PyPI packages, npm malware, MCP servers), security teams need tools that can answer "who's affected?" in seconds, not hours or days.
Bumblebee's design philosophy—read-only, zero-dependency, exact-match detection—makes it the ideal complement to SBOMs, vulnerability scanners, and EDR systems. It's not trying to be a complete SCA solution; it's solving one problem exceptionally well: "which developer machines have package X@Y installed right now?"
With Perplexity's ongoing maintenance, community-contributed threat intelligence catalogs, and Apache 2.0 licensing, Bumblebee is positioned to become a standard tool in security operations workflows.